The growing raft of online security compromises is the reason that companies like Google, Facebook and Intuit are offering their users advanced security options, including text message (SMS) and voice notifications. This form of security is commonly referred to as two-factor authentication because it requires users to demonstrate their identity in two independently secure ways.

In Google, Facebook and Intuit’s case, the two-factor authentication uses both a password and an authentication code from a text message or phone call.

Two-factor authentication with voice and SMS notifications

Here’s how it works, as a user:

You sign up for an online service, and enter your cell (or home) phone number during the sign up process.

Later, the first time you sign in on a new device or browser, the service either sends you a text message with a verification code or calls you and reads the code back to you.

You enter the verification code on the login page and you are granted access.

The service can either ask for this verification every time you log in or only every so often. Google, for example, only requires this verification every 30 days. Other companies will request verification if you make a critical update to your account, such as a password change or changing the shipping address.

Facebook has taken two-factor authentication to the next level. The social network not only enables you to require two-factor authentication for logins, but also offers the ability to require it for 3rd Party Apps (such as Spotify and Farmville).

Two-factor authentication with voice and text messages is a powerful layer of security. For a hacker to get into your account, they would need both your password AND access to your mobile device, something that they are not likely to have.

Why should you care about two-factor authentication?

The standard model of username and password is broken. Your usersname can be easily guessed (in most cases it is simply an email) and even secure passwords aren’t always secure. Security breaches where passwords are leaked are all over the news.

Users are typically very careless with their password selection. In the Gawker case, “123456” is the most common password, followed by “password.” Many people used their own name.

Your own employees aren’t much more cautious – most of Gawker’s employees had very common words (or slight variations thereof).

Because many people use the same passwords for many sites, once an account is compromised, a hacker can unleash all kinds of havoc.

Why should you use two-factor authentication with voice and SMS?

When it comes down to it, there are two simple reasons: convenience and cost

Convenience:

There are over 4.6 billion cell phones in the world. In addition to its ubiquity, the cell phone has become one of the most personal items that we own. Ninety percent of cell phone users are within 3 feet of their device at any given time.

With the old model of two-factor authentication, users had difficulty remembering to keep a USB plug or token with them at all times. The phone solves this problem.

Cost

The cost of two-factor authentication has historically put it out of the reach of most companies, even just to use with employees. But with Twilio voice and SMS, two-factor authentication is so simple and affordable that you can offer it to all of your customers – not just important employees. While previous methods of two-factor authentication cost around $50-$100 per user, Twilio costs 1¢ per text message and per minute of voice interaction, with no contracts, upfront fees or telecom headaches.